US7036147B1 - System, method and computer program product for eliminating disk read time during virus scanning - Google Patents
System, method and computer program product for eliminating disk read time during virus scanning Download PDFInfo
- Publication number
- US7036147B1 US7036147B1 US10/028,054 US2805401A US7036147B1 US 7036147 B1 US7036147 B1 US 7036147B1 US 2805401 A US2805401 A US 2805401A US 7036147 B1 US7036147 B1 US 7036147B1
- Authority
- US
- United States
- Prior art keywords
- data
- access pattern
- file access
- file
- thread
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/80—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
Description
|
||
1) Identification of the applicable file. | ||
2) Number of read accesses made (n) | ||
3) n × Read access patterns. | ||
|
|
1) | Location in the file (measured as an offset from the first byte |
in the file). This may be stored in binary format as an unsigned | |
integer. | |
2) | Amount of data read from the location (measured as number of |
bytes read). This may be stored in binary format as an | |
unsigned integer. | |
|
|
1) | When a scanner is initialized (normally on resetting or powering |
on the PC) the database may be read from disk, decompressed and | |
stored in RAM (where there is available RAM). | |
2) | During the scanning process, the database in RAM may be |
modified with new file access patterns. Accessing the | |
database in RAM may be faster than retrieval from disk. | |
3) | On shutdown of the scanning process (normally on power off |
or reset, or finishing the scan), the database in RAM | |
may be compressed and written to a disk file for persistent storage. | |
4) | The individual file access patterns may be stored in an efficient |
binary format native to the associated computer. A binary format | |
uses less space and is faster to process than a human-readable | |
text string. | |
Claims (26)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/028,054 US7036147B1 (en) | 2001-12-20 | 2001-12-20 | System, method and computer program product for eliminating disk read time during virus scanning |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/028,054 US7036147B1 (en) | 2001-12-20 | 2001-12-20 | System, method and computer program product for eliminating disk read time during virus scanning |
Publications (1)
Publication Number | Publication Date |
---|---|
US7036147B1 true US7036147B1 (en) | 2006-04-25 |
Family
ID=36191227
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/028,054 Active 2024-05-13 US7036147B1 (en) | 2001-12-20 | 2001-12-20 | System, method and computer program product for eliminating disk read time during virus scanning |
Country Status (1)
Country | Link |
---|---|
US (1) | US7036147B1 (en) |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050132205A1 (en) * | 2003-12-12 | 2005-06-16 | International Business Machines Corporation | Apparatus, methods and computer programs for identifying matching resources within a data processing network |
US20060288416A1 (en) * | 2005-06-16 | 2006-12-21 | Microsoft Corporation | System and method for efficiently scanning a file for malware |
US20070244920A1 (en) * | 2003-12-12 | 2007-10-18 | Sudarshan Palliyil | Hash-Based Access To Resources in a Data Processing Network |
US20070266436A1 (en) * | 2006-05-11 | 2007-11-15 | Eacceleration Corporation | Accelerated data scanning |
US20080028466A1 (en) * | 2006-07-26 | 2008-01-31 | Michael Burtscher | System and method for retrieving information from a storage medium |
US20080208935A1 (en) * | 2003-12-12 | 2008-08-28 | International Business Machines Corporation | Computer Program Product and Computer System for Controlling Performance of Operations within a Data Processing System or Networks |
US20080320423A1 (en) * | 2007-06-25 | 2008-12-25 | International Business Machines Corporation | System and method to protect computing systems |
US20080320313A1 (en) * | 2007-06-25 | 2008-12-25 | Elie Awad | System and method to protect computing systems |
US20090019547A1 (en) * | 2003-12-12 | 2009-01-15 | International Business Machines Corporation | Method and computer program product for identifying or managing vulnerabilities within a data processing network |
US20090199297A1 (en) * | 2008-02-04 | 2009-08-06 | Microsoft Corporation | Thread scanning and patching to disable injected malware threats |
US7681237B1 (en) * | 2004-05-13 | 2010-03-16 | Symantec Corporation | Semi-synchronous scanning of modified files in real time |
US20100071064A1 (en) * | 2008-09-17 | 2010-03-18 | Weber Bret S | Apparatus, systems, and methods for content selfscanning in a storage system |
US8656494B2 (en) | 2012-02-28 | 2014-02-18 | Kaspersky Lab, Zao | System and method for optimization of antivirus processing of disk files |
US8984644B2 (en) | 2003-07-01 | 2015-03-17 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9100431B2 (en) | 2003-07-01 | 2015-08-04 | Securityprofiling, Llc | Computer program product and apparatus for multi-path remediation |
US9117069B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Real-time vulnerability monitoring |
US9118710B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | System, method, and computer program product for reporting an occurrence in different manners |
US9118708B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Multi-path remediation |
US9118711B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9118709B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
CN105045661A (en) * | 2015-08-05 | 2015-11-11 | 北京瑞星信息技术有限公司 | Scan task scheduling method and system |
US9350752B2 (en) | 2003-07-01 | 2016-05-24 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US10229161B2 (en) * | 2013-09-20 | 2019-03-12 | Oracle International Corporation | Automatic caching of scan and random access data in computing systems |
US10331573B2 (en) | 2016-11-04 | 2019-06-25 | Oracle International Corporation | Detection of avoidable cache thrashing for OLTP and DW workloads |
US10430338B2 (en) | 2008-09-19 | 2019-10-01 | Oracle International Corporation | Selectively reading data from cache and primary storage based on whether cache is overloaded |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5257370A (en) * | 1989-08-29 | 1993-10-26 | Microsoft Corporation | Method and system for optimizing data caching in a disk-based computer system |
US5473769A (en) * | 1992-03-30 | 1995-12-05 | Cozza; Paul D. | Method and apparatus for increasing the speed of the detecting of computer viruses |
US5502815A (en) * | 1992-03-30 | 1996-03-26 | Cozza; Paul D. | Method and apparatus for increasing the speed at which computer viruses are detected |
US5577224A (en) * | 1994-12-13 | 1996-11-19 | Microsoft Corporation | Method and system for caching data |
US5893086A (en) | 1997-07-11 | 1999-04-06 | International Business Machines Corporation | Parallel file system and method with extensible hashing |
US6137043A (en) | 1990-01-05 | 2000-10-24 | Creative Technology Ltd. | Digital sampling instrument employing cache memory |
US6763466B1 (en) * | 2000-01-11 | 2004-07-13 | Networks Associates Technology, Inc. | Fast virus scanning |
-
2001
- 2001-12-20 US US10/028,054 patent/US7036147B1/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5257370A (en) * | 1989-08-29 | 1993-10-26 | Microsoft Corporation | Method and system for optimizing data caching in a disk-based computer system |
US6137043A (en) | 1990-01-05 | 2000-10-24 | Creative Technology Ltd. | Digital sampling instrument employing cache memory |
US5473769A (en) * | 1992-03-30 | 1995-12-05 | Cozza; Paul D. | Method and apparatus for increasing the speed of the detecting of computer viruses |
US5502815A (en) * | 1992-03-30 | 1996-03-26 | Cozza; Paul D. | Method and apparatus for increasing the speed at which computer viruses are detected |
US5577224A (en) * | 1994-12-13 | 1996-11-19 | Microsoft Corporation | Method and system for caching data |
US5893086A (en) | 1997-07-11 | 1999-04-06 | International Business Machines Corporation | Parallel file system and method with extensible hashing |
US6763466B1 (en) * | 2000-01-11 | 2004-07-13 | Networks Associates Technology, Inc. | Fast virus scanning |
Cited By (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9118711B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9225686B2 (en) | 2003-07-01 | 2015-12-29 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US8984644B2 (en) | 2003-07-01 | 2015-03-17 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US10021124B2 (en) | 2003-07-01 | 2018-07-10 | Securityprofiling, Llc | Computer program product and apparatus for multi-path remediation |
US9118709B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9100431B2 (en) | 2003-07-01 | 2015-08-04 | Securityprofiling, Llc | Computer program product and apparatus for multi-path remediation |
US9350752B2 (en) | 2003-07-01 | 2016-05-24 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9118708B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Multi-path remediation |
US10050988B2 (en) | 2003-07-01 | 2018-08-14 | Securityprofiling, Llc | Computer program product and apparatus for multi-path remediation |
US10154055B2 (en) | 2003-07-01 | 2018-12-11 | Securityprofiling, Llc | Real-time vulnerability monitoring |
US9117069B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | Real-time vulnerability monitoring |
US10104110B2 (en) | 2003-07-01 | 2018-10-16 | Securityprofiling, Llc | Anti-vulnerability system, method, and computer program product |
US9118710B2 (en) | 2003-07-01 | 2015-08-25 | Securityprofiling, Llc | System, method, and computer program product for reporting an occurrence in different manners |
US20080208935A1 (en) * | 2003-12-12 | 2008-08-28 | International Business Machines Corporation | Computer Program Product and Computer System for Controlling Performance of Operations within a Data Processing System or Networks |
US7752669B2 (en) | 2003-12-12 | 2010-07-06 | International Business Machines Corporation | Method and computer program product for identifying or managing vulnerabilities within a data processing network |
US7689835B2 (en) | 2003-12-12 | 2010-03-30 | International Business Machines Corporation | Computer program product and computer system for controlling performance of operations within a data processing system or networks |
US8024306B2 (en) | 2003-12-12 | 2011-09-20 | International Business Machines Corporation | Hash-based access to resources in a data processing network |
US20050132205A1 (en) * | 2003-12-12 | 2005-06-16 | International Business Machines Corporation | Apparatus, methods and computer programs for identifying matching resources within a data processing network |
US20090019547A1 (en) * | 2003-12-12 | 2009-01-15 | International Business Machines Corporation | Method and computer program product for identifying or managing vulnerabilities within a data processing network |
US20070244920A1 (en) * | 2003-12-12 | 2007-10-18 | Sudarshan Palliyil | Hash-Based Access To Resources in a Data Processing Network |
US7681237B1 (en) * | 2004-05-13 | 2010-03-16 | Symantec Corporation | Semi-synchronous scanning of modified files in real time |
US7861296B2 (en) * | 2005-06-16 | 2010-12-28 | Microsoft Corporation | System and method for efficiently scanning a file for malware |
US20060288416A1 (en) * | 2005-06-16 | 2006-12-21 | Microsoft Corporation | System and method for efficiently scanning a file for malware |
US7930749B2 (en) * | 2006-05-11 | 2011-04-19 | Eacceleration Corp. | Accelerated data scanning |
US20070266436A1 (en) * | 2006-05-11 | 2007-11-15 | Eacceleration Corporation | Accelerated data scanning |
US20080028466A1 (en) * | 2006-07-26 | 2008-01-31 | Michael Burtscher | System and method for retrieving information from a storage medium |
US8341428B2 (en) | 2007-06-25 | 2012-12-25 | International Business Machines Corporation | System and method to protect computing systems |
US20080320313A1 (en) * | 2007-06-25 | 2008-12-25 | Elie Awad | System and method to protect computing systems |
US20080320423A1 (en) * | 2007-06-25 | 2008-12-25 | International Business Machines Corporation | System and method to protect computing systems |
US8387139B2 (en) | 2008-02-04 | 2013-02-26 | Microsoft Corporation | Thread scanning and patching to disable injected malware threats |
US20090199297A1 (en) * | 2008-02-04 | 2009-08-06 | Microsoft Corporation | Thread scanning and patching to disable injected malware threats |
US20100071064A1 (en) * | 2008-09-17 | 2010-03-18 | Weber Bret S | Apparatus, systems, and methods for content selfscanning in a storage system |
US10430338B2 (en) | 2008-09-19 | 2019-10-01 | Oracle International Corporation | Selectively reading data from cache and primary storage based on whether cache is overloaded |
US8656494B2 (en) | 2012-02-28 | 2014-02-18 | Kaspersky Lab, Zao | System and method for optimization of antivirus processing of disk files |
US10229161B2 (en) * | 2013-09-20 | 2019-03-12 | Oracle International Corporation | Automatic caching of scan and random access data in computing systems |
CN105045661B (en) * | 2015-08-05 | 2018-06-22 | 北京瑞星网安技术股份有限公司 | The dispatching method and system of scan task |
CN105045661A (en) * | 2015-08-05 | 2015-11-11 | 北京瑞星信息技术有限公司 | Scan task scheduling method and system |
US10331573B2 (en) | 2016-11-04 | 2019-06-25 | Oracle International Corporation | Detection of avoidable cache thrashing for OLTP and DW workloads |
US11138131B2 (en) | 2016-11-04 | 2021-10-05 | Oracle International Corporation | Detection of avoidable cache thrashing for OLTP and DW workloads |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7036147B1 (en) | System, method and computer program product for eliminating disk read time during virus scanning | |
US7152241B2 (en) | Intelligent network scanning system and method | |
US8819835B2 (en) | Silent-mode signature testing in anti-malware processing | |
US6546493B1 (en) | System, method and computer program product for risk assessment scanning based on detected anomalous events | |
US6944775B2 (en) | Scanner API for executing multiple scanning engines | |
RU2668710C1 (en) | Computing device and method for detecting malicious domain names in network traffic | |
US9396333B1 (en) | Thin client for computer security applications | |
US9930054B2 (en) | Detecting network traffic content | |
US8161557B2 (en) | System and method of caching decisions on when to scan for malware | |
US7650639B2 (en) | System and method for protecting a limited resource computer from malware | |
EP2486507B1 (en) | Malware detection by application monitoring | |
US7003561B1 (en) | System, method and computer program product for improved efficiency in network assessment utilizing a port status pre-qualification procedure | |
US7836504B2 (en) | On-access scan of memory for malware | |
US7549168B1 (en) | Network-based risk-assessment tool for remotely detecting local computer vulnerabilities | |
US8266703B1 (en) | System, method and computer program product for improving computer network intrusion detection by risk prioritization | |
US8392996B2 (en) | Malicious software detection | |
US6963978B1 (en) | Distributed system and method for conducting a comprehensive search for malicious code in software | |
US20130227691A1 (en) | Detecting Malicious Network Content | |
EP3430557A1 (en) | System and method for reverse command shell detection | |
GB2432933A (en) | Network security apparatus which extracts a data stream from network traffic and performs an initial operation on the data before scanning for viruses. | |
JP2010079901A (en) | Method for graduated enforcement of restriction according to application reputation and computer program thereof | |
US8458789B1 (en) | System, method and computer program product for identifying unwanted code associated with network communications | |
GB2432934A (en) | Virus scanning for subscribers in a network environment | |
US7340775B1 (en) | System, method and computer program product for precluding writes to critical files |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: NETWORKS ASSOCIATES TECHNOLOGY, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HURSEY, NEIL JOHN;REEL/FRAME:012406/0597 Effective date: 20011219 |
|
AS | Assignment |
Owner name: NETWORKS ASSOCIATES TECHNOLOGY, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HURSEY, NEIL JOHN;REEL/FRAME:012681/0463 Effective date: 20020129 |
|
AS | Assignment |
Owner name: MCAFEE, INC.,CALIFORNIA Free format text: MERGER;ASSIGNOR:NETWORKS ASSOCIATES TECHNOLOGY, INC.;REEL/FRAME:016646/0513 Effective date: 20041119 Owner name: MCAFEE, INC., CALIFORNIA Free format text: MERGER;ASSIGNOR:NETWORKS ASSOCIATES TECHNOLOGY, INC.;REEL/FRAME:016646/0513 Effective date: 20041119 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
FEPP | Fee payment procedure |
Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
AS | Assignment |
Owner name: MCAFEE, LLC, CALIFORNIA Free format text: CHANGE OF NAME AND ENTITY CONVERSION;ASSIGNOR:MCAFEE, INC.;REEL/FRAME:043665/0918 Effective date: 20161220 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553) Year of fee payment: 12 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, N.A., NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:MCAFEE, LLC;REEL/FRAME:045055/0786 Effective date: 20170929 Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: SECURITY INTEREST;ASSIGNOR:MCAFEE, LLC;REEL/FRAME:045056/0676 Effective date: 20170929 |
|
AS | Assignment |
Owner name: MORGAN STANLEY SENIOR FUNDING, INC., MARYLAND Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE PATENT 6336186 PREVIOUSLY RECORDED ON REEL 045056 FRAME 0676. ASSIGNOR(S) HEREBY CONFIRMS THE SECURITY INTEREST;ASSIGNOR:MCAFEE, LLC;REEL/FRAME:054206/0593 Effective date: 20170929 Owner name: JPMORGAN CHASE BANK, N.A., NEW YORK Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE REMOVE PATENT 6336186 PREVIOUSLY RECORDED ON REEL 045055 FRAME 786. ASSIGNOR(S) HEREBY CONFIRMS THE SECURITY INTEREST;ASSIGNOR:MCAFEE, LLC;REEL/FRAME:055854/0047 Effective date: 20170929 |
|
AS | Assignment |
Owner name: MCAFEE, LLC, CALIFORNIA Free format text: RELEASE OF INTELLECTUAL PROPERTY COLLATERAL - REEL/FRAME 045055/0786;ASSIGNOR:JPMORGAN CHASE BANK, N.A., AS COLLATERAL AGENT;REEL/FRAME:054238/0001 Effective date: 20201026 |
|
AS | Assignment |
Owner name: MCAFEE, LLC, CALIFORNIA Free format text: RELEASE OF INTELLECTUAL PROPERTY COLLATERAL - REEL/FRAME 045056/0676;ASSIGNOR:MORGAN STANLEY SENIOR FUNDING, INC., AS COLLATERAL AGENT;REEL/FRAME:059354/0213 Effective date: 20220301 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT AND COLLATERAL AGENT, NEW YORK Free format text: SECURITY INTEREST;ASSIGNOR:MCAFEE, LLC;REEL/FRAME:059354/0335 Effective date: 20220301 |
|
AS | Assignment |
Owner name: JPMORGAN CHASE BANK, N.A., AS ADMINISTRATIVE AGENT, NEW YORK Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE THE PATENT TITLES AND REMOVE DUPLICATES IN THE SCHEDULE PREVIOUSLY RECORDED AT REEL: 059354 FRAME: 0335. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:MCAFEE, LLC;REEL/FRAME:060792/0307 Effective date: 20220301 |